minetest
/
irrlicht
mirror of https://github.com/minetest/irrlicht.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

CImageLoaderJPG: protect size calculation from overflow by rejecting huge dimensions

This commit is contained in:
sfan5 2021-09-14 20:02:40 +02:00
parent 713471e9a2
commit 594de99153
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
source/Irrlicht/CImageLoaderJPG.cpp
View File

@ -221,11 +221,15 @@ IImage* CImageLoaderJPG::loadImage(io::IReadFile* file) const
cinfo.output_gamma=2.2;
cinfo.do_fancy_upsampling=FALSE;
// reject unreasonable sizes (4 * 32000 * 32000 is just under U32_MAX)
if (cinfo.image_width > 32000 || cinfo.image_height > 32000)
longjmp(jerr.setjmp_buffer, 1);
// Start decompressor
jpeg_start_decompress(&cinfo);
// Get image data
u16 rowspan = cinfo.image_width * cinfo.out_color_components;
u32 rowspan = cinfo.image_width * cinfo.out_color_components;
u32 width = cinfo.image_width;
u32 height = cinfo.image_height;